cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1147
Views
3
Helpful
2
Replies
oswaldo81
Beginner

Nexus 7000 vPC modification - avoiding type1 inconsistencies

Hi Everyone,

I need to configure some features on a pair of Nexus 7000's running 4.2(6) - one of them is Root Guard.

I am aware that when I enable Root Guard on the first vPC peer, the vPC will go into suspended state until I configure the other vPC peer identically.

This is causing me a big service disruption headache as I need to do this for a whole Data Centre.

I see on the Nexus 5k, you can do port-profiles which seems to enabled config synchronisation across vPC peers - so I assume the vPC would stay up due to both peers receiving config at exactly the same time - but this feature is not available on Nexus 7k.

Does anybody know for sure if I were to create a scheduled job to run at the same time on both vPC peers with identical config content - i.e. apply Root Guard to vPC - would this prevent the vPC going into suspend state?

If not, do you know of any other ways to prevent vPC going into suspend?

Thanks in advance for any advice!

2 REPLIES 2
sachinraja
Engager

Hi Oswaldo

Type 1 inconsistencies are a little difficult to manage... Yes,... root guard is one of type 1 inconsistency... how is your vpc laid out ? Do you have VPC between your N7k's and also to all the access layer N5k's ? why do you want to apply root guard when you have VPC, since STP is kind of not really hazardous with VPC ? I think its a good idea to bring up the root guard , and all other STP related parameters when initially configuring the switch, but if we need to add it on, we might need a downtime.

Hope this helps..

Raj

Hi Raj,

thankyou for your response.

We have VPC between Core - Aggregation - all 7k and Aggregation to Access (5ks). VPC down from Core all the way to Access and also up all the way from Access to Core.

So from a STP point of view, the topology is a single switch for Core, Aggregation and Access - so no loops.

I agree this limits the potential for trouble if a switch is plugged into the access layer by mistake for example - but the customer is adamant they want it (RootGuard).

Thanks,

Oswaldo